Innovative services from Thales Cyber & Consulting

Becoming MOD Cyber Ready

Those wishing to compete for MOD contracts need to comply with the requirements stipulated in DEFCON658. Thales offers a consultancy service to help you get to grips with the new MOD cyber requirements in the most efficient and cost effective way possible.

Benefits include:
  • Understand the Cyber threat and the need to protect against Cyber attack;
  • Understand the Cyber Security Model and how it works;
  • Understand how to make your IT systems DEFCON 658 ready;
  • Understand your responsibilities with regard to subcontracting;
  • Understand how to let subcontracts using the CSM.

Thales understands the issues the supply chain face and through our partnership with Defence Cyber Protection Partnership have pedigree in the articulation of MOD’s requirements. Thales has a heritage in providing independent cyber security consultancy support in the most complex and security critical environments.

Cyber Vulnerability Investigation

How secure are your IT systems? Could you withstand a cyberattack? Are you sure? There are two ways to answer these questions. One is to wait for an attack to happen. The other is to talk to Thales about a Cyber Vulnerability Investigation (CVI).

Thales’ unique methodology is based on our CVI experience with MOD and commercial partners helping them identify areas which could be exposed to attack.


Benefits include:
  • Establishes the effectiveness of the current set of security controls to mitigate unacceptable impacts to your business
  • Re-invigorates the linkage between the technical and physical vulnerabilities
  • Bespoke impact led tailored investigation to suit the business objectives and environment
  • Re-prioritises investment decisions in cyber in line with business objectives
  • Addresses the real-world vulnerabilities to your business 
Coupling our domain expertise with our security expertise ensures that your CVI is relevant, realistic, and complete.

Cyber Human Error Assessment Tool

Thales’s Cyber Human Error Assessment Tool (CHEAT) is a proven, cost-efficient process for determining how human vulnerabilities, psychological motivations, and cultural issues might weaken an organisation’s cyber security. The tool incorporates automated, tailorable recommendations to mitigate the risk of human-related cyber security incidents.

CHEAT delivers:
  • More detailed consideration of human vulnerabilities than typical Cyber Vulnerability Investigation (CVI) tools
  • Fast collection of detailed human-related threats to cyber security
  • Prioritised recommendations according to:
    • risk; and
    • ease and cost of implementation
  • Consistent, comparable risk scoring:
    • across organisations/departments; and
    • within the same organisation, after mitigation implementation, to demonstrate risk reduction
A Chartered Institute of Ergonomics and Human Factors (CIEHF) accredited consultancy with over 25 years’ experience, we work closely with our cyber security consulting team to provide a combined capability to tackle human-related threats to cyber security.

General Data Protection Regulation Compliance

General Data Protection Regulation (GDPR), which is described in more than 250 pages in the Official Journal of the European Union, governs every aspect of how personal data is captured, stored, processed, protected, used, transferred and how long it can be held.

Very few organisations will be able to comply with GDPR without adopting some new measures and controls. A number of companies may need a major overhaul of their data systems and policies. Fortunately, Thales has the skills and resources to help your team understand the full implications for your particular enterprise and to achieve compliance by the time the regulation comes into effect.
Benefits include:
  • Expert driven: Our qualified privacy consultants will lead you through all stages of the process providing expert knowledge and insight throughout, and ensuring a clear picture of what needs to be done to achieve compliance is compiled
  • Cost effective and timely: A short targeted work-package giving a value for money service providing you with the answers you need to put a programme of work in place to meet the GDPR requirements
  • Risk based: Non compliances will be assessed in terms of their relative risk to both the data subject (“risks to the rights and freedoms of data subjects”) and to the organisation, such that subsequent improvement activities and work can be planned and prioritised in accordance with these risks
  • Actionable: A clear and concise report will present findings and, if necessary, a road map that can be used to drive subsequent compliance improvement activities in time to avoid hefty fines 
Compliance with GDPR will be an on-going activity which must adapt as your organisation evolves. Thales can help.

Cyber HealthCheck

A cyber HealthCheck can provide valuable information at both the strategic and tactical decision making levels. A modular assessment, a HealthCheck can measure a business’ cyber-maturity, identify critical information assets and their relation to the organisation’s mission, generate cyber risk tables, analyse the impact of human factors, reveal technical vulnerabilities, and test the ability to stand up to common cyberattacks.

Thales cyber HealthCheck:
  • Understands your fundamental business mission and how information assets relate to it
  • Measures your cyber security capability against other organisations and industry best practice
  • Discovers specific vulnerabilities in your IT infrastructure that result in a mission failure, and how to resolve them
  • Tests your organisation’s ability to withstand common cyberattacks
Thales Cyber & Consulting are experts in analysis of cyber security risk for mission-critical systems and organisations.


Thales Security Operations Centre (SOC) services offer a Protective Monitoring service which analyses events from multiple sources, including across user accounts, IT infrastructure, network boundaries and security solutions. We offer flexible deployment and Service Level Agreement (SLA) options. Option 1 offers support to set up a SOC on your premises – which Thales staff can operate or handover to your staff. Option 2 is a Thales Managed Service – operated from the Thales SOC.

Thales SOC:
  • Deters and Detects security incidents, non-compliance and misuse of company systems
  • Offers Continuous Improvement of Protective Monitoring and can be used to update and tune network defences
  • Understands Situational Awareness and the type and source of attacks that are seen on your network
  • Ensures Accountability of the systems to ensure they are used for business purposes and not for inappropriate or illegal purposes
Thales conducts protective monitoring for customers around the world. We have 5,000 IT and security engineers, including 1,500 cyber security experts. We deliver Enterprise solutions and a product for 200 customers, including protection of 80% of the world’s banking transactions. Thales is also Multi-sector and conducts Protective Monitoring throughout Energy, Transport, Government, Defence and Transport Sectors.

Thales Intelligence Service

Generating intelligence to inform safety and security critical decision making is not something which a simple tool alone can accomplish – it requires people of integrity and experience to prioritise, sift, interpret and use vast and fragmentary information correctly.

Thales Intelligence Services (TIS) gives access to more insights than ever before, especially when fused with internal and confidential sources, ultimately allowing for clearer insights into opportunities and threats to improve and protect your people, assets and reputation.

  • Reduces overall risk by creating a culture of proactive prevention and pre-emption
  • Reduces resourcing burden by using our dedicated and experienced people and best practice processes
  • Customer centred design approach, integrating with existing teams, systems and processes to ensure a smooth transition into service and greater stakeholder buy-in
  • Access to the benefits of multiple specialist tools without training or system management burdens
Trusted by safety and security critical organisations around the world, TIS provides the people, processes and technology to help you reduce the threats, resolve uncertainty and make timely, insightful decisions to improve and protect your organisation.

Thales Risk Assessment Process

No one knows when or where the next cyberattack will happen, or how serious it will be. But we do know that Industrial Automation and Control Systems (IACS) can present a tempting and newsworthy target.                          

Because IACS are becoming increasingly interconnected it is difficult to perform a thorough risk assessment across the enterprise as a whole. The Thales Risk Assessment Process (TRAP) was devised to deliver value and benefit to the customer while maintaining thoroughness and objectivity.

Benefits include:
  • Provides a prioritised risk profile allowing organisations to target resources in the most effective way
  • Objectively compares your security to industry best practice such as IEC 62443
  • Reveals vulnerabilities and suggests remedial actions
  • Can be repeated when required to monitor continuous improvement in your systems cyber security
  • Entirely scalable and can be tailored to suit any environment 
Our IACS cyber security consultants have direct personal experience of risk and compliance activities and deep domain vertical knowledge in nuclear, rail, aviation, defence, government, air traffic management and automotive markets around the world, and have tackled projects large and small.
We can’t tell you when an attack is about to come, but we can make sure that you’re ready for it.